Flame Malware: A Sleeping Giant

A complex malware known as Flame has reared its ugly head and has security research firms scratching their heads with wonder, trying to find the answers to several questions. Just how long this sleeping giant has been around is not exactly known. Preliminary reports from Symantec say it may have been around since 2010, while other security research firms believe Flame has been around since 2007, freely roaming the Internet, undetected by antivirus companies.

No matter how long Flame has existed, CrySyS researchers claim it is the most sophisticated malware they have come across and quite possibly the most complex malware ever discovered, according to PC Magazine. Udi Mokady, Cyber-Ark CEO, claims this virus is 20 times more advanced than the Stuxnet computer worm discovered in 2010. Flame malware is alive and waits for directions from its master. It is waiting to be told where to go and what to do next.

Just how large is Flame malware? Dave Marcus, director of security research at McAfee, told eSecurity Planet that most malware ranges in size from 1 MB to 3 MB, whereas Flame is noticeably larger at around 30 MB. Other security research firms believe it to be the largest piece of malware they have ever analyzed, predicting it could take months to go through the whole thing. According to CNN, Alexander Gostev, Kaspersky Lab's chief security expert, predicts it may take years to complete the analysis of Flame's code because of its size and complexity. Kaspersky Lab took 6 months to analyze Stuxnet, leading some to believe it may take 10 years to completely understand Flame.

According to Dave Marcus, Flame appears to attack a specific geographical region, with little chance of it becoming widespread. This is clear from the discovery that most of the infected computers were located in Iran, with Israel running a close second. In fact, it was the Iranian Computer Emergency Response Team that alerted security research firms to this malicious code, which steals information from infected computers and sends it back to a network comprising at least 10 command and control servers. It appears the original design of the malware was intended to ensure modular scalability. The writers used several different types of encryption and coding techniques, with a local database built in. This local database could potentially store information taken from handheld devices, even when not connected to the Internet. If the malware can infiltrate a handheld device while it isn't connected to the Internet, it could effectively store all the data and move it to a command and control server in the future.

Although no one seems to know who wrote the Flame code, many experts agree that a single person could not develop a malware this large and complex on her own. CrySyS researchers think Flame could be a tool of cyber warfare, but others disagree with the notion that Flame was developed by a government agency, even though Israel, the U.S., China, and Russia have the funds and the knowledge, according to Udi Mokady. Currently, Symantec's research team is attempting to trace Flame back to its origin. They are digging for any evidence that may link any threats Flame has exposed.

Even though the Flame malware is massive, the risk to most organizations appears moderate. The chance of IT departments in the U.S. encountering an attack of Flame is minimal. Even if Flame malware infected your database, it probably wouldn't affect anything. Major antivirus vendors are already coming up with detection signatures to identify Flame, so keeping your antivirus software updated and making sure your employees update the antivirus software on any device they use for business should keep your database safe.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.


About the Author

I have extensive computer knowledge from years of working with systems including performing multiple security updates for both my personal and business computers. I have experience with building computers, which ...
